     $users_groups[$db_group['userid']][] = new CLink($db_group['name'], 'users.php?form=update&config=1&usrgrpid=' . $db_group['usrgrpid'] . '#form');
 }
 foreach ($userids as $id => $userid) {
     // reference on purpose: users_status / gui_access are written back into $users below
     $user =& $users[$userid];

     // a session counts as "online" for ZBX_USER_ONLINE_TIME seconds, unless the account's own
     // (non-zero) autologout is shorter, in which case that wins
     if ($user['autologout'] == 0 || ZBX_USER_ONLINE_TIME < $user['autologout']) {
         $onlineWindow = ZBX_USER_ONLINE_TIME;
     } else {
         $onlineWindow = $user['autologout'];
     }

     $online = new CCol(S_NO, 'disabled');
     if (isset($users_sessions[$userid])) {
         $session =& $users_sessions[$userid];
         $lastSeen = date('r', $session['lastaccess']);
         $stillActive = ZBX_SESSION_ACTIVE == $session['status'] && $session['lastaccess'] + $onlineWindow >= time();
         if ($stillActive) {
             $online = new CCol(S_YES . ' (' . $lastSeen . ')', 'enabled');
         } else {
             $online = new CCol(S_NO . ' (' . $lastSeen . ')', 'disabled');
         }
     }

     $user['users_status'] = check_perm2system($userid);
     $user['gui_access'] = get_user_auth($userid);

     $users_status = new CSpan(
         $user['users_status'] ? S_ENABLED : S_DISABLED,
         $user['users_status'] ? 'green' : 'red'
     );
     $gui_access = new CSpan(
         user_auth_type2str($user['gui_access']),
         $user['gui_access'] == GROUP_GUI_ACCESS_DISABLED ? 'orange' : 'green'
     );
     $action = get_user_actionmenu($userid);

     // NOTE(review): alias/name/surname come from the DB and are handed to CLink/CSpan/addRow as-is;
     // HTML escaping is whatever those classes do on render — confirm before relying on it
     $selectBox = new CCheckBox('group_userid[' . $userid . ']', NULL, NULL, $userid);
     $aliasLink = new CLink($user['alias'], 'users.php?form=update' . url_param('config') . '&userid=' . $userid . '#form', 'action');
     $groupLinks = isset($users_groups[$userid]) ? $users_groups[$userid] : '';

     $table->addRow(array(
         array($selectBox, $aliasLink),
         $user['name'],
         $user['surname'],
         user_type2str($user['type']),
         $groupLinks,
         $online,
         $gui_access,
         $users_status,
         $action
     ));
     $row_count++;
 }

 $table->SetFooter(new CCol(new CButtonQMessage('delete_selected', S_DELETE_SELECTED, S_DELETE_SELECTED_USERS_Q)));
 $form->AddItem($table);
 $form->show();

 // context menu JS for the per-user action menus
 $jsmenu = new CPUMenu(null, 270);
 $jsmenu->InsertJavaScript();
 set_users_jsmenu_array();
** along with this program; if not, write to the Free Software
** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
**/
$widget = (new CWidget())->setTitle(_('Authentication'));

// form wrapper
$authenticationForm = (new CForm())->setName('authenticationForm');

// list the configuration rows are appended to
$authenticationFormList = new CFormList('authenticationList');

// default authentication backend: one radio per backend, each submitting the form on change
// so the backend-specific fields can be re-rendered
$authTypeRadio = (new CRadioButtonList('config', (int) $this->data['config']['authentication_type']))
    ->addValue(_x('Internal', 'authentication'), ZBX_AUTH_INTERNAL, null, 'submit()')
    ->addValue(_('LDAP'), ZBX_AUTH_LDAP, null, 'submit()')
    ->addValue(_('HTTP'), ZBX_AUTH_HTTP, null, 'submit()')
    ->setModern(true);
$authenticationFormList->addRow(_('Default authentication'), $authTypeRadio);
// append LDAP fields to form list
if ($this->data['config']['authentication_type'] == ZBX_AUTH_LDAP) {
    if ($this->data['user_list']) {
        $userComboBox = new CComboBox('user', $this->data['user']);
        foreach ($this->data['user_list'] as $user) {
            if (check_perm2login($user['userid']) && check_perm2system($user['userid'])) {
                $userComboBox->addItem($user['alias'], $user['alias']);
            }
        }
    } else {
        $userComboBox = (new CTextBox('user', $this->data['user'], true))->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH);
    }
    $authenticationFormList->addRow(_('LDAP host'), (new CTextBox('ldap_host', $this->data['config']['ldap_host']))->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH));
    $authenticationFormList->addRow(_('Port'), (new CNumericBox('ldap_port', $this->data['config']['ldap_port'], 5))->setWidth(ZBX_TEXTAREA_NUMERIC_STANDARD_WIDTH));
    $authenticationFormList->addRow(_('Base DN'), (new CTextBox('ldap_base_dn', $this->data['config']['ldap_base_dn']))->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH));
    $authenticationFormList->addRow(_('Search attribute'), (new CTextBox('ldap_search_attribute', zbx_empty($this->data['config']['ldap_search_attribute']) && $this->data['form_refresh'] == 0 ? 'uid' : $this->data['config']['ldap_search_attribute'], false, 128))->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH));
    $authenticationFormList->addRow(_('Bind DN'), (new CTextBox('ldap_bind_dn', $this->data['config']['ldap_bind_dn']))->setWidth(ZBX_TEXTAREA_STANDARD_WIDTH));
    // bind password
    if (isset($this->data['change_bind_password']) || zbx_empty($this->data['config']['ldap_bind_password'])) {
        $authenticationForm->addVar('change_bind_password', 1);
        $authenticationFormList->addRow(_('Bind password'), (new CPassBox('ldap_bind_password'))->setWidth(ZBX_TEXTAREA_SMALL_WIDTH));
 /**
  * Check whether the session ID carried in $user still identifies an
  * authenticated user, and populate the global $USER_DETAILS accordingly.
  *
  * Resolution order: the active, non-expired session row matching
  * $user['sessionid'] on the local node; failing that, and only when no HTTP
  * basic-auth user is present, the guest account with a session opened via
  * zbx_session_start(). Whoever was resolved must still pass
  * check_perm2login() and check_perm2system(). On success the session cookie
  * is refreshed and the session's lastaccess is bumped; on every other path
  * self::logout() is called and $USER_DETAILS falls back to a guest stub.
  *
  * {@source}
  * @access public
  * @static
  * @since 1.8
  * @version 1
  *
  * @param array|null $user    caller-supplied data; only $user['sessionid'] is read
  * @return boolean            true when a user (or guest) was resolved and permitted,
  *                            false when the session is stale, the guest account is
  *                            missing, or login/system permission is denied
  */
 public static function checkAuthentication($user = null)
 {
     global $USER_DETAILS;
     global $ZBX_LOCALNODEID;
     global $ZBX_NODES;
     $sessionid = is_null($user) ? null : $user['sessionid'];
     $USER_DETAILS = NULL;
     $login = FALSE;
     if (!is_null($sessionid)) {
         // $sessionid is the only caller-supplied value in the statement and is quoted through
         // zbx_dbstr(); the rest is constants, time() and the local node id
         $sql = 'SELECT u.*,s.* ' . ' FROM sessions s,users u' . ' WHERE s.sessionid=' . zbx_dbstr($sessionid) . ' AND s.status=' . ZBX_SESSION_ACTIVE . ' AND s.userid=u.userid' . ' AND ((s.lastaccess+u.autologout>' . time() . ') OR (u.autologout=0))' . ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
         $login = $USER_DETAILS = DBfetch(DBselect($sql));
         if (!$USER_DETAILS) {
             $incorrect_session = true;
         } else {
             // a valid session clears the failed-attempt counter; userid is the DB row's value, not input
             if ($login['attempt_failed']) {
                 DBexecute('UPDATE users SET attempt_failed=0 WHERE userid=' . $login['userid']);
             }
         }
     }
     // no usable session and no HTTP basic-auth header: continue as the guest account
     if (!$USER_DETAILS && !isset($_SERVER['PHP_AUTH_USER'])) {
         $sql = 'SELECT u.* ' . ' FROM users u ' . ' WHERE u.alias=' . zbx_dbstr(ZBX_GUEST_USER) . ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
         $login = $USER_DETAILS = DBfetch(DBselect($sql));
         if (!$USER_DETAILS) {
             $missed_user_guest = true;
         } else {
             // NOTE(review): the empty third argument is presumably the guest password slot — confirm
             // against zbx_session_start()'s signature
             $sessionid = zbx_session_start($USER_DETAILS['userid'], ZBX_GUEST_USER, '');
         }
     }
     // Perm to login, perm to system: a matching row alone does not grant access
     if ($login) {
         $login = check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid']);
     }
     if (!$login) {
         $USER_DETAILS = NULL;
     }
     // $incorrect_session survives the guest fallback above, so a stale sessionid always ends in
     // logout() (and a false return below) even though a guest session may just have been started
     if ($login && $sessionid && !isset($incorrect_session)) {
         // 31-day persistent cookie for autologin users, a browser-session cookie otherwise;
         // Secure/HttpOnly are whatever zbx_setcookie() applies — confirm there
         zbx_setcookie('zbx_sessionid', $sessionid, $USER_DETAILS['autologin'] ? time() + 86400 * 31 : 0);
         DBexecute('UPDATE sessions SET lastaccess=' . time() . ' WHERE sessionid=' . zbx_dbstr($sessionid));
         // drop this user's active sessions that idled past autologout (the current one was just refreshed)
         if ($USER_DETAILS['autologout'] > 0) {
             DBexecute('DELETE FROM sessions WHERE userid=' . $USER_DETAILS['userid'] . ' AND status=' . ZBX_SESSION_ACTIVE . ' AND lastaccess<' . (time() - $USER_DETAILS['autologout']));
         }
     } else {
         self::logout($sessionid);
     }
     if ($USER_DETAILS) {
         // node record from the global node table, or a placeholder naming the local node id
         if (isset($ZBX_NODES[$ZBX_LOCALNODEID])) {
             $USER_DETAILS['node'] = $ZBX_NODES[$ZBX_LOCALNODEID];
         } else {
             $USER_DETAILS['node'] = array();
             $USER_DETAILS['node']['name'] = '- unknown -';
             $USER_DETAILS['node']['nodeid'] = $ZBX_LOCALNODEID;
         }
         $USER_DETAILS['debug_mode'] = get_user_debug_mode($USER_DETAILS['userid']);
     } else {
         // anonymous stub so callers can always read alias/userid/lang/type/node
         $USER_DETAILS = array('alias' => ZBX_GUEST_USER, 'userid' => 0, 'lang' => 'en_gb', 'type' => '0', 'node' => array('name' => '- unknown -', 'nodeid' => 0));
     }
     // SECURITY NOTE: HTTP_X_FORWARDED_FOR is a client-supplied header and is preferred verbatim over
     // REMOTE_ADDR; it is only trustworthy when a reverse proxy you control rewrites it, and anything
     // that audits or logs userip inherits that caveat
     $userip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
     $USER_DETAILS['userip'] = $userip;
     if (!$login || isset($incorrect_session) || isset($missed_user_guest)) {
         if (isset($incorrect_session)) {
             $message = 'Session terminated, re-login, please';
         } else {
             if (isset($missed_user_guest)) {
                 // the "corruption" message is raised only when the users table is entirely empty;
                 // a merely missing guest row produces no message
                 $row = DBfetch(DBselect('SELECT count(u.userid) as user_cnt FROM users u'));
                 if (!$row || $row['user_cnt'] == 0) {
                     $message = 'Table users is empty. Possible database corruption.';
                     // S_CUSER_ERROR_TABLE_USERS_EMPTY
                 }
             }
         }
         // hand the reason to the login page through $_REQUEST without overriding one already set
         if (!isset($_REQUEST['message']) && isset($message)) {
             $_REQUEST['message'] = $message;
         }
         return false;
     }
     return true;
 }
/**
 * Resolve the current request's user from the zbx_sessionid cookie and load it
 * into the global $USER_DETAILS; on any failure render the login page and stop.
 *
 * Order: an active, non-expired session row for the cookie value on the local
 * node; failing that, and only when no HTTP basic-auth user is present, the
 * guest account. The resolved account must still pass check_perm2login() and
 * check_perm2system(). Success refreshes the cookie and the session's
 * lastaccess; failure clears the cookie, marks the session passive and ends
 * with `include 'index.php'; exit`.
 *
 * Side effects: writes $USER_DETAILS, may write $_REQUEST['message'], and may
 * report earlier failed login attempts via error().
 */
function check_authorisation()
{
    // NOTE(review): $DB, $page, $PHP_AUTH_USER and $PHP_AUTH_PW are imported but not read in this
    // body; the basic-auth check below looks at $_SERVER['PHP_AUTH_USER'] instead
    global $DB;
    global $page;
    global $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $USER_DETAILS;
    global $ZBX_LOCALNODEID;
    $USER_DETAILS = NULL;
    $login = FALSE;
    // the session id comes straight from the client's cookie
    $sessionid = get_cookie('zbx_sessionid');
    if (!is_null($sessionid)) {
        // $sessionid is the only client-controlled value in the statement and goes through zbx_dbstr();
        // the rest is constants, time() and the local node id
        $sql = 'SELECT u.*,s.* ' . ' FROM sessions s,users u' . ' WHERE s.sessionid=' . zbx_dbstr($sessionid) . ' AND s.status=' . ZBX_SESSION_ACTIVE . ' AND s.userid=u.userid' . ' AND ((s.lastaccess+u.autologout>' . time() . ') OR (u.autologout=0))' . ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
        $login = $USER_DETAILS = DBfetch(DBselect($sql));
        if (!$USER_DETAILS) {
            $incorrect_session = true;
        } else {
            // report failed attempts since the last login, then reset the counter. attempt_ip and
            // attempt_clock are DB row values; whether error()/CScript HTML-escape them is decided
            // by those helpers — confirm, as attempt_ip is presumably recorded from the client-
            // influenced userip computed at the end of this function
            if ($login['attempt_failed']) {
                error(new CScript(array(bold($login['attempt_failed']), 'failed login attempts logged. Last failed attempt was from ', bold($login['attempt_ip']), ' on ', bold(date('d.m.Y H:i', $login['attempt_clock'])), '.')));
                DBexecute('UPDATE users SET attempt_failed=0 WHERE userid=' . $login['userid']);
            }
        }
    }
    // no usable session and no HTTP basic-auth header: continue as the guest account
    if (!$USER_DETAILS && !isset($_SERVER['PHP_AUTH_USER'])) {
        $sql = 'SELECT u.* ' . ' FROM users u ' . ' WHERE u.alias=' . zbx_dbstr(ZBX_GUEST_USER) . ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
        $login = $USER_DETAILS = DBfetch(DBselect($sql));
        if (!$USER_DETAILS) {
            $missed_user_guest = true;
        }
    }
    // a matching row alone does not grant access
    if ($login) {
        $login = check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid']);
    }
    if (!$login) {
        $USER_DETAILS = NULL;
    }
    if ($login && !isset($incorrect_session)) {
        // 31-day persistent cookie for autologin users, a browser-session cookie otherwise;
        // Secure/HttpOnly are whatever zbx_setcookie() applies — confirm there.
        // NOTE(review): on the guest path $sessionid is still null here, so the cookie is set to an
        // empty value and the UPDATE targets a null sessionid — looks unintended, confirm
        zbx_setcookie('zbx_sessionid', $sessionid, $USER_DETAILS['autologin'] ? time() + 86400 * 31 : 0);
        DBexecute('UPDATE sessions SET lastaccess=' . time() . ' WHERE sessionid=' . zbx_dbstr($sessionid));
    } else {
        // tear down: clear the cookie and mark the session passive; also runs when no cookie was sent
        zbx_unsetcookie('zbx_sessionid');
        DBexecute('UPDATE sessions SET status=' . ZBX_SESSION_PASSIVE . ' WHERE sessionid=' . zbx_dbstr($sessionid));
        unset($sessionid);
    }
    if ($USER_DETAILS) {
        // node record looked up via id2nodeid(); placeholder naming the local node when none is found
        $USER_DETAILS['node'] = DBfetch(DBselect('SELECT * FROM nodes WHERE nodeid=' . id2nodeid($USER_DETAILS['userid'])));
        if (empty($USER_DETAILS['node'])) {
            $USER_DETAILS['node']['name'] = '- unknown -';
            $USER_DETAILS['node']['nodeid'] = $ZBX_LOCALNODEID;
        }
    } else {
        // anonymous stub so callers can always read alias/userid/lang/type/node
        $USER_DETAILS = array('alias' => ZBX_GUEST_USER, 'userid' => 0, 'lang' => 'en_gb', 'type' => '0', 'node' => array('name' => '- unknown -', 'nodeid' => 0));
    }
    // SECURITY NOTE: HTTP_X_FORWARDED_FOR is a client-supplied header and is preferred verbatim over
    // REMOTE_ADDR; it is only trustworthy when a reverse proxy you control rewrites it, and anything
    // that audits or logs userip inherits that caveat
    $userip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) && !empty($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
    $USER_DETAILS['userip'] = $userip;
    if (!$login || isset($incorrect_session) || isset($missed_user_guest)) {
        if (isset($incorrect_session)) {
            $message = 'Session was ended, please relogin!';
        } else {
            if (isset($missed_user_guest)) {
                // the "corruption" message is raised only when the users table is entirely empty;
                // a merely missing guest row produces no message
                $row = DBfetch(DBselect('SELECT count(u.userid) as user_cnt FROM users u'));
                if (!$row || $row['user_cnt'] == 0) {
                    $message = 'Table users is empty. Possible database corruption.';
                }
            }
        }
        // hand the reason to the login page through $_REQUEST without overriding one already set
        if (!isset($_REQUEST['message']) && isset($message)) {
            $_REQUEST['message'] = $message;
        }
        // render the login page in place of the requested one; nothing after this runs
        include 'index.php';
        exit;
    }
}
 /**
  * Check if session id is authenticated.
  *
  * Resolves the session to a user once per page load (cached in self::$userData),
  * refreshes the session's lastaccess, prunes this user's sessions that idled past
  * autologout, and returns the user data extended with sessionid and gui_access.
  * A stale/unknown session or missing system access is reported via self::exception().
  *
  * @param string $sessionid		session id
  *
  * @return array				an array of user data
  */
 public function checkAuthentication($sessionid)
 {
     global $ZBX_LOCALNODEID;

     // access DB only once per page load
     if (self::$userData !== null) {
         return self::$userData;
     }

     $now = time();

     // $sessionid is the only caller-supplied value here and is quoted through zbx_dbstr()
     $sessionSql = 'SELECT u.userid,u.autologout,s.lastaccess'
         . ' FROM sessions s,users u'
         . ' WHERE s.sessionid=' . zbx_dbstr($sessionid)
         . ' AND s.status=' . ZBX_SESSION_ACTIVE
         . ' AND s.userid=u.userid'
         . ' AND (s.lastaccess+u.autologout>' . $now . ' OR u.autologout=0)'
         . andDbNode('u.userid', $ZBX_LOCALNODEID);
     $userInfo = DBfetch(DBselect($sessionSql));
     if (!$userInfo) {
         self::exception(ZBX_API_ERROR_PARAMETERS, _('Session terminated, re-login, please.'));
     }

     // don't check permissions on the same second
     if ($userInfo['lastaccess'] != $now) {
         if (!check_perm2system($userInfo['userid'])) {
             self::exception(ZBX_API_ERROR_PARAMETERS, _('No permissions for system access.'));
         }
         // userid values below come from the row just fetched, not from the caller
         if ($userInfo['autologout'] > 0) {
             DBexecute('DELETE FROM sessions WHERE userid=' . $userInfo['userid'] . ' AND lastaccess<' . (time() - $userInfo['autologout']));
         }
         DBexecute('UPDATE sessions SET lastaccess=' . time() . ' WHERE userid=' . $userInfo['userid'] . ' AND sessionid=' . zbx_dbstr($sessionid));
     }

     // highest gui_access across the user's groups; default when there is none
     $dbAccess = DBfetch(DBselect('SELECT MAX(g.gui_access) AS gui_access' . ' FROM usrgrp g,users_groups ug' . ' WHERE ug.userid=' . $userInfo['userid'] . ' AND g.usrgrpid=ug.usrgrpid'));
     $guiAccess = zbx_empty($dbAccess['gui_access']) ? GROUP_GUI_ACCESS_SYSTEM : $dbAccess['gui_access'];

     $userData = $this->_getUserData($userInfo['userid']);
     $userData['sessionid'] = $sessionid;
     $userData['gui_access'] = $guiAccess;

     CWebUser::$data = self::$userData = $userData;

     return $userData;
 }
         case ZBX_AUTH_INTERNAL:
         default:
             $alt_auth = ZBX_AUTH_INTERNAL;
             $login = true;
     }
 }
 // look the account up by alias; only internal auth verifies the password inside this query,
 // for the other backends the preceding switch is expected to have settled $login already
 if ($login) {
     $passwordClause = '';
     if (ZBX_AUTH_INTERNAL == $authentication_type) {
         $passwordClause = ' AND u.passwd=' . zbx_dbstr($password);
     }
     // NOTE(review): users_groups/usrgrp appear in FROM with no join condition to u, so this is a
     // cross join of which only the first row is used; whether $password is already hashed when it
     // reaches this comparison is decided earlier in the file — confirm the column holds a hash
     $userSql = 'SELECT u.userid,u.alias,u.name,u.surname,u.url,u.refresh,u.passwd '
         . ' FROM users u, users_groups ug, usrgrp g '
         . ' WHERE u.alias=' . zbx_dbstr($name)
         . $passwordClause
         . ' AND ' . DBin_node('u.userid', $ZBX_LOCALNODEID);
     $row = DBfetch(DBselect($userSql));
     $login = $row;
 }
 // (a disabled block used to live here that re-synced the internal password from the external backend)
 // a matching row is not enough: the account must also be allowed to log in and to use the system
 if ($login) {
     $login = check_perm2login($row['userid']) && check_perm2system($row['userid']);
 }
 if ($login) {
     $sessionid = md5(time() . $password . $name . rand(0, 10000000));
     zbx_setcookie('zbx_sessionid', $sessionid);
     DBexecute('INSERT INTO sessions (sessionid,userid,lastaccess,status) VALUES (' . zbx_dbstr($sessionid) . ',' . $row['userid'] . ',' . time() . ',' . ZBX_SESSION_ACTIVE . ')');
     add_audit(AUDIT_ACTION_LOGIN, AUDIT_RESOURCE_USER, 'Correct login [' . $name . ']');
     if (empty($row['url'])) {
         $USER_DETAILS['alias'] = $row['alias'];
         $USER_DETAILS['userid'] = $row['userid'];
         $row['url'] = get_profile('web.menu.view.last', 'index.php');
         unset($USER_DETAILS);
     }
     redirect($row['url']);
     die;
 } else {